EP2053820A1 - Verfahren und Vorrichtung zur Datenverarbeitung und Kommunikationssystem mit einer derartigen Vorrichtung - Google Patents

Verfahren und Vorrichtung zur Datenverarbeitung und Kommunikationssystem mit einer derartigen Vorrichtung Download PDF

Info

Publication number
EP2053820A1
EP2053820A1 EP07020644A EP07020644A EP2053820A1 EP 2053820 A1 EP2053820 A1 EP 2053820A1 EP 07020644 A EP07020644 A EP 07020644A EP 07020644 A EP07020644 A EP 07020644A EP 2053820 A1 EP2053820 A1 EP 2053820A1
Authority
EP
European Patent Office
Prior art keywords
network element
network
value
hash
way function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07020644A
Other languages
English (en)
French (fr)
Inventor
Dirk Kröselberg
Kari Miettinen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks Oy
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy filed Critical Nokia Siemens Networks Oy
Priority to EP07020644A priority Critical patent/EP2053820A1/de
Publication of EP2053820A1 publication Critical patent/EP2053820A1/de
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/80Arrangements enabling lawful interception [LI]

Definitions

  • the invention relates to a method and to a device for data processing and to a communication system comprising such a device.
  • WiMAX networks it is possible to hide the real subscription and hence the subscriber's identity from the local access network and/or from the visited network (in case of roaming).
  • ASN Access Service Network
  • vCSN visited Connectivity Service Network
  • hCSN home CSN
  • WiMAX subscribers or devices can use a pseudonym instead of their real subscription identities as the username part of the Network Access Identifier (NAI, see [2]) provided to the network during network entry and during the authorization procedure uses an Extensible Authentication Protocol (EAP, see [3]).
  • NAI Network Access Identifier
  • EAP Extensible Authentication Protocol
  • the real subscription identity is communicated only from the subscriber's device to the hCSN, EAP allows for hiding this identity in a way that any traversed network in-between, especially ASN or any vCSN cannot see the real identity of the subscriber.
  • Legal interception may be required in the local access network or the visited network in particular with regard to a nationally or internationally roaming subscriber. However, as no real subscription identity is made available in the ASN or vCSN, any Legal Enforcement Agency (LEA) is unable to map any intercepted information to a specific subscriber, i.e. a real or legal person.
  • LSA Legal Enforcement Agency
  • the problem to be solved is to overcome the disadvantages as described and to provide an approach that allows legal interception in an efficient way.
  • said session information provided by the first network element may in particular be session related and/or connection related and/or call related information.
  • Said session information may further be or be associated with information that is required prior to an actual session being (or to be) established and/or required for an establishment of a session.
  • said session information may be related to information regarding the preparation (process) of a session.
  • Said session related information may in particular be utilized identifying a subscriber and/or terminal.
  • such session information may relate to an initial registration of a particular subscriber, e.g., a mobile subscriber.
  • the session information is or is associated with a trigger for the second network element to determine said first Id-value.
  • the second network element is able to map the session information to identity information thereby identifying the actual subscriber. This identity information is converted into said first Id-value, e.g., a first hash value that is conveyed to the first network element.
  • said information of the first Id-value can be utilized for data interception purposes.
  • the first network element stores the first Id-value with an associated session profile.
  • intercepted data may refer to user data as well as to control data.
  • various kinds of data traffic may be subject to interception.
  • signaling information can be subject to interception.
  • Identity information may comprise in particular data that is associated with the real identity of the subscriber, i.e. the identity of the real or legal person connected with this subscriber.
  • WiMAX For legal interception purposes, in particular in WiMAX networks, it may be useful providing access to both control and data traffic generated by and for a subscriber that uses network and application services (e.g., VoIP or any form of multimedia) offered by the (WiMAX) network.
  • network and application services e.g., VoIP or any form of multimedia
  • Interception is typically done in network entities being in charge of controlling the subscriber related traffic and/or signaling information.
  • ASN GW Access Service Network Gateway
  • HA Home Agent
  • IMS IP multimedia subsystem
  • CSN Connectivity Service Network
  • AAA Authentication, Authorization and Accounting
  • AAA server storing subscriber's subscription data may be affected as well as potential application servers providing services like voice over IP (VoIP) or services regarding a location.
  • VoIP voice over IP
  • a significant information that is subject to such an interception is an identity and/or additional information allowing to map intercepted data to the subscription used by the device being intercepted.
  • the subscriber's identity referring to a real or legal person can be determined.
  • the method comprises the following step that may in particular be processed prior to step (b), prior to step (c) or after step (c): (d1) a third network element provides a second Id-value to the first network element.
  • the third network element being a or initiated by an LEA conveys the second Id-value to the first network element.
  • the second Id-value is determined by processing identity information via the first one-way function.
  • the third network element utilizes the first one-way function, in particular a hash-function, to determine the second Id-value based on an identity information available at the third network element.
  • the method further comprises the step: (d2) the first network element compares the first Id-value and the second Id-value and in case they match forwards (interception) data to the third network element.
  • the first Id-value stored at the first network element is compared to the second Id-value obtained from the third network element. If they match, the underlying subscriber is determined to be subject to interception and the first network element forwards data to be intercepted (e.g., user data, controlling data, signaling data) towards the third network element or any other network element being in charge of receiving the respective intercepted data.
  • data to be intercepted e.g., user data, controlling data, signaling data
  • the first network element may initiate forwarding of interception data towards the LEA.
  • the second network element applies the first one-way function (e.g., a first hash function) to the identity information based on the session information provided by the first network element.
  • the output of this first one-way function is input to the second one-way function (e.g., a second hash function) thereby producing the first Id-value.
  • the output of the second one-way function is also depending on an input parameter.
  • the first one-way function and the second one-way function may process the same algorithm, wherein the second one-way function has in addition a parameter that is input to said one-way function.
  • said parameter is valid for a predetermined period of time. It is a further alternative that said parameter comprises at least one of the following:
  • the method comprises the following step that may in particular be processed prior to step (b), prior to step (c) or after step (c): (d1) a third network element provides a second Id-value to the first network element.
  • the second Id-value is determined by processing identity information via the first one-way function.
  • the method comprises the steps: (d2) the first network element determines a third Id-value by processing the second Id-value via the second one-way function; (d3) the first network element compares the first Id-value and the third Id-value and in case they match forwards (interception) data to the third network element.
  • the first network element computes the third Id-value by utilization of the second one-way function and the parameter, which are both accessible to the first network element.
  • the first Id-value stored at the first network element is compared to the third Id-value as calculated. If they match, the underlying subscriber is determined to be subject to interception and the first network element forwards data to be intercepted (e.g., user data, controlling data, signaling data) toward the third network element or any other network element being in charge of receiving the respective intercepted data.
  • data to be intercepted e.g., user data, controlling data, signaling data
  • the first network element may initiate forwarding of interception data towards the LEA.
  • the first one-way function and/or the second one-way function each is a hash-function or a function pursuant to a hash-algorithm.
  • the Id-value is a hash-value.
  • EAP Extensible Authentication Protocol
  • the identity can - depending on the capabilities of an actual EAP method - be hidden and only be revealed by the end device (EAP supplicant) and the backend AAA server, but not by an intermediate network element.
  • the first network element may be realized in or as one of the previous components.
  • the second network element comprises a functionality of at least one of the following components:
  • the second network element may be realized in or as one of the previous components.
  • the network comprises a mobile station, a visited network and a home network.
  • said session information comprises at least one of the following:
  • the session information may preferably comprise or be a piece of information connected to a particular session of at least one subscriber.
  • the identity information comprises at least one of the following:
  • the identity of the subscriber may in particular comprise information upon the real subscriber, i.e. the real or legal person behind the subscription.
  • the status of a subscriber may reveal whether such subscriber is (or was) active in the network.
  • the status may show a position of the subscriber within the respective network, in particular over a given time period. Based on such information, tracking of a subscriber's position within the network (over a predetermined period of time) is possible, in particular with the benefit of hindsight.
  • the third network element is a legal interception (LI) device and/or a Legal Enforcement Agency (LEA).
  • LI legal interception
  • LEA Legal Enforcement Agency
  • the third network element is a legal interception (LI) device.
  • LI legal interception
  • Such legal interception (LI) device may be located within the range of a visited network or within a home network.
  • the LI device may further be at least partially implemented within the first or the second network element.
  • the third network element forwards data to a Legal Enforcement Agency (LEA).
  • LEA Legal Enforcement Agency
  • a device for comprising a processor unit that is equipped and/or arranged such that the method as described herein is executable on said processor unit.
  • the device is a communication device, in particular one of the following:
  • a device for data processing comprising:
  • said device further comprises:
  • Fig.1 shows a WiMAX Architecture comprising a Subscriber Station SS (also referred to as Mobile SS, MSS), a visited network 101 and a home network 102.
  • Subscriber Station SS also referred to as Mobile SS, MSS
  • MSS Mobile SS
  • the visited network 101 comprises a Network Access Provider NAP with an Access Service Network ASN 103 and another ASN 104, wherein the ASN 103 and the ASN 104 are connected via an R4 interface.
  • the visited network 101 further comprises a visited Network Service Provider NSP comprising a Connectivity Service Network CSN 105 that is connected to an ASP network or the Internet 106.
  • the ASN 103 and the CSN 105 are connected via an R3 interface.
  • the Subscriber Station SS is connected to the ASN 103 via an R1 interface.
  • the Subscriber Station SS is further connected to the CSN 105 via an R2 interface.
  • the home network 102 comprises a home Network Service Provider NSP with a Connectivity Service Network 107 that is connected to a ASP Network or the Internet 108.
  • the CSN 107 is connected to the CSN 105 via an R5 interface and to the Subscriber Station SS via an R2 interface.
  • a LI Device 109 may be located within the visited network 101 and it may be connected to a Legal Enforcement Agency 110. As an alternative, the LI Device 109 may be located within the home network 102.
  • the LI Device 109 is connected to an ASN GW 111 within the ASN 103 and to a Home Agent HA 112 within the CSN 105. It is to be noted that the ASN GW 111 and/or the HA 112 may be functional components implemented in the respective blocks 103, 105. Alternatively, the ASN GW and/or HA may comprise such LI device functionality 109.
  • the HA 112 can be located within the visited network or within the home CSN.
  • a legal intercept facility e.g., an LI device
  • an LEA is able to map a pseudonym or any other kind of temporary identity to a subscriber's identification or any other data connected to an actual or legal person, or vice versa.
  • the mechanism allows maintaining an identity hiding feature as specified by the WiMAX Forum.
  • ASN or CSN For intercepting information in a WiMAX access or visited network (ASN or CSN) and for correlating intercepted information to subscriber identities, in particular the following approaches can be utilized.
  • the LI device or the LEA receives intercepted information (control/signaling information and/or data) from the network elements of the access network and/or of the visited network (e.g., ASN-GW, Mobile-IP HA, P-CSCF, S-CSCF, AAA-Server in the visited network).
  • the visited network e.g., ASN-GW, Mobile-IP HA, P-CSCF, S-CSCF, AAA-Server in the visited network.
  • the LI infrastructure may independently also receive information from the home network of the subscription.
  • Such information from both networks may include specific session-related information (e.g., session-related identifiers) that allow a mapping of intercepted data.
  • session-related information e.g., session-related identifiers
  • LI architectures include an LI device (a mediation device and/or an aggregation device) to trigger an interception as requested by an LEA and to aggregate intercepted information as well as to send such information (or a portion thereof) to the LEA that asked for interception.
  • the information forwarded to the LEA by the LI device may in particular be (partially) processed, e.g., filtered and/or compressed by the LI device to meet the request of the LEA.
  • data may be transparently forwarded to the LEA without any processing by the LI device.
  • the LEA may further correlate information received from different sources and hence be able to reveal an identity of a subscription, i.e., the real or legal person.
  • Such correlation can be conducted (to a full or partial extent) by the LI device.
  • the approach suggested advantageously provides an extension to the existing AAA interface in a WiMAX environment that connects the ASN with the hCSN AAA server via the R3 interface, or the vCSN with the hCSN via the R5 interface.
  • At least one "one-way function" is utilized.
  • This one-way function can be realized as a hash function and/or as a hash algorithm in order to produce hash values instead of a real subscriber identities (NAI).
  • NAI real subscriber identities
  • Such hash function may be processed in the home operator's AAA server and/or within the LI infrastructure or the LI equipment.
  • Fig.2 shows a message flow diagram depicting WiMAX legal interception based on Id-values that are provided as hash values.
  • Fig.2 comprises a mobile station MS 201, a base station BS 202 a first network element 203 (that can be, e.g., an ASN GW, a HA, a vAAA or the like), a second network element 204 (e.g., an AAA server), a third network element 205 (e.g., an LI device and/or an LEA).
  • a first network element 203 that can be, e.g., an ASN GW, a HA, a vAAA or the like
  • a second network element 204 e.g., an AAA server
  • a third network element 205 e.g., an LI device and/or an LEA.
  • Hash values (also referred to as "LI_hash”) may then be passed to the local or visited network by the AAA server, instead of sending the real NAI.
  • the AAA server 204 performs the LI_hash calculation for each network access request 206 received and sends the LI_hash value computed together with existing AAA messages 207 (e.g., Access-Accept-message and/or Access-Reject-message) to the access network ASN-GW 203.
  • existing AAA messages 207 e.g., Access-Accept-message and/or Access-Reject-message
  • the ASN-GW 203 stores for every registered subscriber or AAA session the received LI_hash received in its local database.
  • the legal enforcement infrastructure 205 performs the LI_hash calculation, preferably independent from the AAA server, for a subscriber that needs to be intercepted. It is to be noted that algorithms (i.e., the one-way function, e.g., hash-function) as well as input parameters like the real user ID (also referred to as "identity information”) are also known to the LEA or LI equipment 205 that is in charge of providing information to the local or visited network about which session to intercept.
  • algorithms i.e., the one-way function, e.g., hash-function
  • input parameters like the real user ID (also referred to as "identity information”
  • identity information also known to the LEA or LI equipment 205 that is in charge of providing information to the local or visited network about which session to intercept.
  • the ASN or v-CSN 203 that is in charge of performing the actual interception may receive an LI_hash value for any registration of a subscriber or mobile station 201 from the AAA server 204. It will also receive an LI_hash value from the LI infrastructure 205 requesting interception. The ASN 203 then searches its database and AAA session cache for a match between any such LI_hash values. If there is a match, the target to be intercepted is identified and interception can be initiated without the ASN or vCSN 203 knowing the actual identity of the subscriber.
  • the approach may allow tracing the LI_hash values across several registrations over time, or across several access networks during handover.
  • a further mechanism is suggested herein in order to prevent such traceability of the subscriber based on the LI_hash value provided to the ASN or vCSN.
  • Fig.3 shows a message flow diagram depicting WiMAX legal interception based on Id-values that are provided as hash values via several hash functions.
  • Fig.3 comprises a mobile station MS 301, a base station BS 302 a first network element 303 (that can be, e.g., an ASN GW, a HA, a P-CSCF, a vAAA or the like), a second network element 304 (e.g., an AAA server) and a third network element 305 (e.g., an LI device and/or an LEA).
  • a first network element 303 that can be, e.g., an ASN GW, a HA, a P-CSCF, a vAAA or the like
  • a second network element 304 e.g., an AAA server
  • a third network element 305 e.g., an LI device and/or an LEA.
  • the AAA server 303 applies a second hash calculation after having generated the LI_hash value. This can be achieved by utilizing a further hash function, wherein the LI_hash value and an additional session-related parameter are input to said hash function computing a LI_hash_tmp value as a result.
  • said further hash function may utilize the algorithm of the previous (first) hash function.
  • said parameter is also to be considered by this further hash function.
  • the parameter may in particular be a session-related and/or temporary and/or time-based parameter.
  • another fixed string value can be utilized as such parameter.
  • This parameter can be, e.g., an AAA-session ID used in WiMAX, or the pseudonym NAI the subscriber is currently using, or a time-stamp.
  • the result of the further hash function is referred to as LI_hash_tmp.
  • the AAA server 304 sends the LI_hash_tmp value back in the AAA message 307 (Access-Accept-message or Access-Reject-message) for registration purposes.
  • the LI infrastructure 305 upon receiving an interception request, calculates the LI_hash value bases on the previous has function and sends via an Intercept request message 308 comprising this LI_hash value (it may not be aware of the temporary session-related information) to the ASN-GW 303.
  • the ASN-GW 303 is aware of said temporary information (e.g., the AAA-session ID) that is required as parameter for the further hash function. Hence, the ASN-GW 303 performs the second hash calculation using the temporary information and the LI_hash received from the LI infrastructure 305 thereby generating a LI_hash_tmp value.
  • said temporary information e.g., the AAA-session ID
  • the ASN-GW 303 compares the received LI_hash_tmp values as set forth above and if there is a match, the ASN-GW 303 will initiate interception.
  • the advantage of the additional step according to Fig.3 is in particular that the ASN or vCSN 303, for a normal registration without interception (the vast majority of ongoing sessions), gets a different LI_hash_tmp value for every registration. Hence, tracing of the same subscriber is rather impossible for the ASN or vCSN 303.
  • the approach described provides a solution for all roaming situations, even if the home network and local/visited networks are located in different locations/countries and are subject to different jurisdictions.
  • the mechanism of sending the LI_hash value to the ASN or vCSN can be realized by using the existing AAA interface in WiMAX.
  • Such realization may be provided based on a RADIUS protocol [4].
  • the mechanism of sending the LI_hash from the LI infrastructure (LEA, LI Gateway, etc.) to the ASN or vCSN operator and to the actual network elements performing interception, may at least partially depend on country-specific or proprietary interfaces.
  • a protocol field can be used that is able to carry an octet string value of at least 128bit length.
  • the LI infrastructure may also include the information identifying the home network of the subscriber to be intercepted (e.g., the realm part from the NAI holding the real subscriber identity).
  • this may not allow the ASN or vCSN to identify the subscriber that is subject to an interception, but it may allow the receiving entity (e:g., the ASN-GW) to limit the process of matching LI_hash values with the current session database to those entries matching the denounced home network or realm.
  • the receiving entity e:g., the ASN-GW
  • Such limitation may be advantageous to minimize the performance impact, especially in roaming scenarios.
  • the entity that is requested to generate legal intercept information may send a RADIUS access request message 206, 306 to the AAA server during network access authentication.
  • the AAA server adds the LI_hash value as a RADIUS attribute to the "Access-Accept-message" 207, 307 (or Access Reject in case of an unsuccessful registration attempt).
  • any suitable RADIUS attribute being able to carry an octet string value, or a newly defined attribute, e.g., WiMAX-specific VSA (vendor-specific attribute) may be utilized for such purpose.
  • the AAA server may as an additional alternative decide whether to add LI_hash values for its subscribers based on a local policy, e.g., derived from the legal situation in the country where the operator is residing, or based on the information about the ASN or vCSN that is requesting network access authentication.
  • a local policy e.g., derived from the legal situation in the country where the operator is residing, or based on the information about the ASN or vCSN that is requesting network access authentication.
  • the receiving entity e.g. ASN-GW, HA, vAAA or application server
  • the LI_hash value may optionally be sent for all subscribers and mobile stations, depending on the home network's policy and legislation.
  • the AAA-server can use a certain time-related value that may change at a predetermined or fixed rate (e.g., every day or every hour).
  • the ASN-GW receives a LI_hash value from the LI device or the LEA, it determines the relevant time information (either based on the actual time in case of a new registration, or based on the original time of registration for existing registrations) as input to the LI_hash_tmp calculation.
  • the LI_hash_tmp values can be generated in advance, e.g., during some idle time for the specific time period, in particular to speed up the matching process for a new incoming registration.
  • the message flow shown in Fig.2 and Fig.3 may vary, i.e., the LI_hash value can be received from the LI device/LEA 205, 305 prior to the LI_hash value or LI_hash_tmp value received from the AAA server 204, 304.
  • the receiving entity stores the values received and checks for every new registration whether the LI_hash received in the Access_Accept message matches a stored LI_hash (accordingly for LI_hash_tmp as per Fig.3 ).
  • the LI device/LEA 205, 305 represents LI equipment either located at an LEA premises, or within the operator's network.
  • the third network element (205, 305) only comprises the LI device, whereas the LEA is separated from the LI device.
  • the LEA may initiate an intercept request that may be conveyed to the LI device and then forwarded by the LI device.
  • the LEA may also calculate the LI_hash value based on identity information of the subscriber that is subject to interception.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
EP07020644A 2007-10-22 2007-10-22 Verfahren und Vorrichtung zur Datenverarbeitung und Kommunikationssystem mit einer derartigen Vorrichtung Withdrawn EP2053820A1 (de)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP07020644A EP2053820A1 (de) 2007-10-22 2007-10-22 Verfahren und Vorrichtung zur Datenverarbeitung und Kommunikationssystem mit einer derartigen Vorrichtung

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP07020644A EP2053820A1 (de) 2007-10-22 2007-10-22 Verfahren und Vorrichtung zur Datenverarbeitung und Kommunikationssystem mit einer derartigen Vorrichtung

Publications (1)

Publication Number Publication Date
EP2053820A1 true EP2053820A1 (de) 2009-04-29

Family

ID=39262710

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07020644A Withdrawn EP2053820A1 (de) 2007-10-22 2007-10-22 Verfahren und Vorrichtung zur Datenverarbeitung und Kommunikationssystem mit einer derartigen Vorrichtung

Country Status (1)

Country Link
EP (1) EP2053820A1 (de)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011116821A1 (en) * 2010-03-25 2011-09-29 Nokia Siemens Networks Oy Method of protecting an identity of a mobile station in a communications network
EP2566126A1 (de) * 2011-09-02 2013-03-06 Koninklijke KPN N.V. Sichere Speicherung von Beschaffungsdaten in einem Netzwerk zur Steuerung legalen Abhörens
US20150319195A1 (en) * 2014-05-01 2015-11-05 Cable Television Laboratories, Inc. Obfuscation of lawfully authorized electonric surveillance
US11323488B2 (en) 2017-06-07 2022-05-03 Telefonaktiebolaget Lm Ericsson (Publ) Enhanced lawful interception

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6463533B1 (en) * 1999-04-15 2002-10-08 Webtv Networks, Inc. System for generating site-specific user aliases in a computer network
WO2004103006A1 (en) * 2003-05-16 2004-11-25 Nokia Corporation Multimedia component interception in a gateway gprs support node (ggsn)
WO2005032100A1 (en) * 2003-09-30 2005-04-07 Telefonaktiebolaget Lm Ericsson (Publ) Means and method for generating a unique user’s identity for use between different domains

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6463533B1 (en) * 1999-04-15 2002-10-08 Webtv Networks, Inc. System for generating site-specific user aliases in a computer network
WO2004103006A1 (en) * 2003-05-16 2004-11-25 Nokia Corporation Multimedia component interception in a gateway gprs support node (ggsn)
WO2005032100A1 (en) * 2003-09-30 2005-04-07 Telefonaktiebolaget Lm Ericsson (Publ) Means and method for generating a unique user’s identity for use between different domains

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WIMAX FORUM: "WiMAX End-to-End Network Systems Architecture - (Stage 2: Architecture Tenets, Reference Model and Reference Points) - December 15, 2005 DRAFT", 15 December 2005, WIMAX FORUM, XX, XX, PAGE(S) 1-242, XP002442962 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011116821A1 (en) * 2010-03-25 2011-09-29 Nokia Siemens Networks Oy Method of protecting an identity of a mobile station in a communications network
KR101451937B1 (ko) * 2010-03-25 2014-10-16 노키아 솔루션스 앤드 네트웍스 오와이 통신 네트워크에서 모바일 스테이션의 아이덴티티를 보호하는 방법
US9307402B2 (en) 2010-03-25 2016-04-05 Nokia Solutions And Networks Oy Method of protecting an identity of a mobile station in a communications network
EP2566126A1 (de) * 2011-09-02 2013-03-06 Koninklijke KPN N.V. Sichere Speicherung von Beschaffungsdaten in einem Netzwerk zur Steuerung legalen Abhörens
US20150319195A1 (en) * 2014-05-01 2015-11-05 Cable Television Laboratories, Inc. Obfuscation of lawfully authorized electonric surveillance
US9548999B2 (en) * 2014-05-01 2017-01-17 Cable Television Laboratories, Inc. Obfuscation of lawfully authorized electronic surveillance
US11323488B2 (en) 2017-06-07 2022-05-03 Telefonaktiebolaget Lm Ericsson (Publ) Enhanced lawful interception

Similar Documents

Publication Publication Date Title
US7933591B2 (en) Security in a mobile communications system
US7809003B2 (en) Method for the routing and control of packet data traffic in a communication system
US11751051B2 (en) Authentication method based on GBA, and device thereof
Lee et al. Extension of authentication protocol for GSM
US20060059344A1 (en) Service authentication
US20020052200A1 (en) Secured map messages for telecommunications networks
Khan et al. Defeating the downgrade attack on identity privacy in 5G
CN101322428A (zh) 用于传递密钥信息的方法和设备
EP2580901A1 (de) Sichere registrierung einer kundengruppe mit einem einzigen registrierungsverfahren
CN107113301A (zh) 用于移动订户的语音和文本数据服务
EP3525503A1 (de) Registrierung oder authentifizierung von benutzergeräten in einem besuchten öffentlichen landfunknetz
CN101252770A (zh) Ims的终端接入认证的方法、通信系统及相关设备
US7962122B2 (en) Secure traffic redirection in a mobile communication system
Kfoury et al. Secure end-to-end volte based on ethereum blockchain
EP2053820A1 (de) Verfahren und Vorrichtung zur Datenverarbeitung und Kommunikationssystem mit einer derartigen Vorrichtung
US9326141B2 (en) Internet protocol multimedia subsystem (IMS) authentication for non-IMS subscribers
EP3662653B1 (de) Mobilfunknutzer adaptiert um service validierung nachrichten zu senden
Manolopoulos et al. Securing smartphone based ITS
Barbeau et al. Perfect identity concealment in UMTS over radio access links
EP2023564A1 (de) Verfahren und Vorrichtung zum Abfangen von Daten und Kommunikationssysteme mit einer derartigen Vorrichtung
KR101088321B1 (ko) 이동국들 및 펨토셀들 내에 위치된 이동국들과의 무선 통신들을 프로비저닝하기 위한 방법들
US20100299423A1 (en) Method and device for data interception and communication system comprising such device
US8908871B2 (en) Mobile internet protocol system and method for updating home agent root key
Sher et al. Network access security management (NASM) model for next generation mobile telecommunication networks
EP3439344A1 (de) Registrierung eines benutzergeräts mit einem öffentlichen terrestrischen mobilfunknetz eines anbieters

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

AKX Designation fees paid
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20091030

REG Reference to a national code

Ref country code: DE

Ref legal event code: 8566